Regarding the aggregation of logs and setting thresholds for external notification

Hi all.

I'm thinking of implementing a system in BIG-IP APM VE to externally notify when the number of logs exceeds a certain threshold.

The threshold setting is to aggregate the logs of "Access Policy Result: ~~~ deny" when a policy is denied.

When this log exceeds the threshold value within a certain period of time(For example, monitor the logs once every five minutes.), 

an external notification is sent to the administrator.

For external notifications, we are assuming email notifications via an SMTP server.

The questions are as follows.

①　Is it possible to aggregate the specified logs and set the threshold for external notification?

②　Is it going to be implemented in iCall or iRule?

Please let me know if you have any good ideas.

Thank you for your support.